You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@incubator.apache.org by "Geir Magnusson Jr." <ge...@apache.org> on 2005/08/01 06:06:27 UTC
Request for Comment : Harmony Contribution Policy
Incubator PMC and community :
We have developed a contribution policy in the Apache Harmony
podling, and I'd like to present it here and ask for comment. We
believe that this is in the spirit of openness of the ASF, as well as
supporting the ASFs respect for IP and interest in minimizing risk to
the ASF, the project community, and eventual downstream users due to
third party encumbrance.
Motivation
----------
Apache Harmony is going to develop a full, certified version of J2SE
5, a distribution which includes both the VM and class library. We
will be building from new code, contributions, and re-use of external
packages. We require a high level of certainty that any of the
software in our distribution is original work and not subject to
claim by any other party. We believe that this will give us the
greatest opportunity for full community participation.
Risks
-----
Sun Microsystems, as well as other vendors, have made the source code
for their VM and class library widely available under a host of non-
open source licenses. For example, the distribution has been wide
enough that it's a reasonable guess that every JDK from Sun has
included such source code, and many, many developers have examined
such source for a host of innocent and legitimate reasons, such as
stepping into the source when debugging their programs, or examining
the source to see how something worked/why a bug was happening/etc.
All of these exposures are legitimate, but we need to ensure that
because of this wide availability, we take extra precautions to
protect those copyrights. Further, we believe that many people with
professional experience relevant to Harmony - for example, have
worked for Sun or other vendors on Java - are interested in the
project, and that runs the risk of accidental exposure of trade
secrets, and the subsequent problems that a project may then be
subject to, e.g. SCO vs IBM as an example.
Goal
----
Our goal is two-fold :
a) Ensure that we structure our contribution policies
to maximize participation across the entire community.
b) Ensure that we do everything practical to ensure we do
not violate the copyright or trade secrets of other
entities as we build our project.
Contribution Framework
----------------------
0) The standard Apache process of Individual Contributor License
Agreements, Corporate Contributor License Agreements and Software
Grants will be followed as the basis of our policies.
1) We will have a SVN repository structured around technology parts
of the platform to which ACLs can be used to limit access. The
granularity of the access will be determined by the information
obtained from the Authorized Contributors (see #2, next). IOW, we'll
add fine structure as necessary. To start, we expect to see high
level structure such as JVM, class library and tools, with
substructure as needed (ex JVM : (interpreter, memory manager,
compiler, OS integration layer), classlibrary : (... package
groupings ...) etc)
2) We are creating the concept of an Authorized Contributor. An
Authorized Contributor is someone who has, in addition to the ICLA
and CCLA (if appropriate), has executed a Authorized Contributor
Questionnaire :
http://incubator.apache.org/harmony/auth_cont_quest.html
a document which basically has a contributor state where/how they
have been exposed to relevant IP. From this information, we can
limit their access to those places where their participation doesn't
add an unreasonable element of contamination to the codebase. For
example, an engineer who works for a corporation full time on the
hotspot compiler part of a virtual machine would be prevented from
working only in that part of the project (unless that corporate
granted that person permission to work there via a CCLA). That
engineer would of course be welcome in all other parts of the codebase.
Authorized Contributor Questionnaires will be accepted and managed by
the Apache Harmony PMC (PPMC for now), and we will kindly request
that original documents can be stored with the rest of the
Foundation's records.
3) A Bulk Contribution is defined as any work that was created
outside of the normal day-to-day development stream of the project
and is being offered as a contribution to the project. For Bulk
Contributions we shall :
a) Require the CCLA & Software Grant, or a Software Grant,
as is normal for any contribution to the ASF
b) Require that it is contributed by Authorized Contributors
b) Register each donation via distinct inclusion in a
"bulk contribution" area of SVN before intermingling
with the rest of the codebase
We expect to enact these policies through a combination of :
1) focused PMC oversight
2) constant contributor education
3) additional mechanical means such as enhancements to template for
commits
4) external surveillance such as a third-party looking for
significant similarity between our codebase and other codebases, such
as Sun's source, source from other vendors that wish to participate,
and other open source projects.
Finally, we plan to continue to work with Sun and other organizations
to clarify or amend any existing third-party licenses in order to
reduce the number of people that would have limits on how they
participate in the project.
Comments? (Like I need to ask for them... )
geir
--
Geir Magnusson Jr +1-203-665-6437
geir@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Request for Comment : Harmony Contribution Policy
Posted by robert burrell donkin <ro...@gmail.com>.
On 8/1/05, Dirk-Willem van Gulik <di...@webweaving.org> wrote:
> On Mon, 1 Aug 2005, robert burrell donkin wrote:
>
> > of trade secrets and strictly limits the rights of employers to
> > material created by an employee in their own time using their
> > materials.
>
> On paper - yes - but national law and case-law shows that as soon as that
> material is even remotely in the same line of work as gainfully employed
> to do; cases err. towards the employer.
AIUI that is not the case with UK law (for copyright at least).
anything your create in your own time which does not use your
employers materials belongs to you. the only difficulties arise when
the disputed material is very similar to material demonstrated to be
owned by your employer (in which case, i agree that cases err towards
the employer).
> > time. any agreements related to employment will be interpreted under
> > employment law rather than contract law (which are quite different) so
>
> Agreed.
>
> > even a signed CCLA may offer little help to the ASF in the event of a
> ^
> > dispute. so, may need an additional clause with different wording for
> > those in similar jurisdictions.
>
> This I do not see - a CLA yes (esp. if the employer was not informed about
> it - which in most EU countries an employee effectively has to do). But a
> CCLA from the employer ? Because then the dispute is between the ASF and
> the Employer about the agreement set out in the CCLA.
i do agree that (if you can find a UK employer willing to sign it),
having a CCLA decreases the chances of an employer successfully
obtaining title.
i worry that the CCLA is a contract framed under US law and which may
not turn out to be enforcable in other jurisdictions. for example,
AIUI it does not explicitly exclude actions under employment law to
obtain title (claiming - for example - that the employee was not
empowered to make certain contributions). in the UK, the matter of
copyright (in a dispute) would be assigned by a court judgement. the
case would be between employee and employer and the ASF would not be a
party to the primary action. i'm unsure whether the ASF would be able
to sue anyone in those circumstances.
IANAL
- robert
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Request for Comment : Harmony Contribution Policy
Posted by Dirk-Willem van Gulik <di...@webweaving.org>.
On Mon, 1 Aug 2005, robert burrell donkin wrote:
> of trade secrets and strictly limits the rights of employers to
> material created by an employee in their own time using their
> materials.
On paper - yes - but national law and case-law shows that as soon as that
material is even remotely in the same line of work as gainfully employed
to do; cases err. towards the employer.
> time. any agreements related to employment will be interpreted under
> employment law rather than contract law (which are quite different) so
Agreed.
> even a signed CCLA may offer little help to the ASF in the event of a
^
> dispute. so, may need an additional clause with different wording for
> those in similar jurisdictions.
This I do not see - a CLA yes (esp. if the employer was not informed about
it - which in most EU countries an employee effectively has to do). But a
CCLA from the employer ? Because then the dispute is between the ASF and
the Employer about the agreement set out in the CCLA.
Dw
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Request for Comment : Harmony Contribution Policy
Posted by "Geir Magnusson Jr." <ge...@apache.org>.
On Aug 1, 2005, at 8:16 AM, robert burrell donkin wrote:
>> Comments? (Like I need to ask for them... )
>>
>
> Re: Part VIII : Employment Limitations
>
> may need to think about the differences in employment law in different
> jurisdications.
Yes - we've already encountered comments about that on the list.
>
> AIUI European employment law typically does not recognise the concept
> of trade secrets and strictly limits the rights of employers to
> material created by an employee in their own time using their
> materials. on the other hand, authorization of the work by the
> employer may led to loss of rights to material created by the employee
> in the employer's time. any agreements related to employment will be
> interpreted under employment law rather than contract law (which are
> quite different) so even a signed CCLA may offer little help to the
> ASF in the event of a dispute. so, may need an additional clause with
> different wording for those in similar jurisdictions.
Ok - note that it is encouragement, rather than a requirement, but
this is good - if there's something that works in European employment
law that helps achieve our goal of reducing the possible claims on
the Harmony codebase, we're all ears... :)
geir
>
> (but of course IANAL)
>
> - robert
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
--
Geir Magnusson Jr +1-203-665-6437
geirm@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Request for Comment : Harmony Contribution Policy
Posted by robert burrell donkin <ro...@gmail.com>.
> Comments? (Like I need to ask for them... )
Re: Part VIII : Employment Limitations
may need to think about the differences in employment law in different
jurisdications.
AIUI European employment law typically does not recognise the concept
of trade secrets and strictly limits the rights of employers to
material created by an employee in their own time using their
materials. on the other hand, authorization of the work by the
employer may led to loss of rights to material created by the employee
in the employer's time. any agreements related to employment will be
interpreted under employment law rather than contract law (which are
quite different) so even a signed CCLA may offer little help to the
ASF in the event of a dispute. so, may need an additional clause with
different wording for those in similar jurisdictions.
(but of course IANAL)
- robert
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Request for Comment : Harmony Contribution Policy
Posted by "Geir Magnusson Jr." <ge...@apache.org>.
On Aug 1, 2005, at 6:02 PM, Roy T. Fielding wrote:
> On Aug 1, 2005, at 10:22 AM, Justin Erenkrantz wrote:
>
>
>
>> Furthermore, my understanding of copyright law is that you can't
>> be tainted by 'reading' source code years ago and then writing a
>> version independently. (In fact, the examples I've heard of are
>> 'minutes apart' is legally acceptable.) Of course, patent
>> infringement occurs whether you've read the code or not. FWIW,
>> our compiler languages class here at UC Irvine teaches Java
>> internals - therefore, they'd all be 'tainted' under this
>> definition - which isn't actually the case.
>>
>>
>
> I agree with Justin. BTW, the two sides of the coin are copyright
> and trade secret law. Copyright does not apply to things that you
> may have learned in the past. Trade secret and NDA text could apply,
> but only if the code has never been revealed to the public. BigCo
> cannot claim trade secrets on anything they have released under
> a non-NDA source code license, published in a book, or posted to
> their website.
>
Agreed, but that's not what we're worried about - we're worried about
those that have worked on things that weren't as you describe above.
There aren't many of them, but they are interested in us, and we in
them.
> I doubt that there is anything in J2SE/EE that still
> qualifies as a trade secret, since the JCP has revealed all of the
> interfaces.
>
I think there probably is in implementations. There certainly is the
possibility for things like the VMs where there are implementations
out there that haven't been publicly exposed as source.
>
> The CLA is sufficient for all of that. We just need to remind people
> of their obligations under the CLA.
>
Yep, for anything that is as you said under a non-NDA source code
license, in a book, posted to a website, etc...
geir
>
> ....Roy
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
>
--
Geir Magnusson Jr +1-203-665-6437
geirm@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Request for Comment : Harmony Contribution Policy
Posted by Jeffrey Thompson <jt...@us.ibm.com>.
"Roy T. Fielding" <fi...@gbiv.com> wrote on 08/01/2005 06:02:34 PM:
> On Aug 1, 2005, at 10:22 AM, Justin Erenkrantz wrote:
>
> > Furthermore, my understanding of copyright law is that you can't be
> > tainted by 'reading' source code years ago and then writing a version
> > independently. (In fact, the examples I've heard of are 'minutes
> > apart' is legally acceptable.) Of course, patent infringement occurs
> > whether you've read the code or not. FWIW, our compiler languages
> > class here at UC Irvine teaches Java internals - therefore, they'd all
> > be 'tainted' under this definition - which isn't actually the case.
>
> I agree with Justin. BTW, the two sides of the coin are copyright
> and trade secret law. Copyright does not apply to things that you
> may have learned in the past.
I think that there is a misunderstanding as to what the requirements are
for a copyright claim. If we want to get into a more complete discussion,
the legal-discuss list would be more appropriate, but in short, the above
posts are incorrect. Merely reading another work (in the past, even years
in the past) is sufficient as a basis for a copyright claim. Basically,
to successfully assert a copyright claim, you need to show 2 things . . .
Access and Substantial Similarity. Access does not need to be concurrent.
There have been cases where the access was MANY, MANY years prior.
Jeff
Staff Counsel, IBM Corporation (914)766-1757 (tie)8-826 (fax) -8160
(notes) jthom@ibmus (internet) jthom@us.ibm.com (home) jeff@beff.net
(web) http://www.beff.net/
Re: Request for Comment : Harmony Contribution Policy
Posted by "Roy T. Fielding" <fi...@gbiv.com>.
On Aug 1, 2005, at 10:22 AM, Justin Erenkrantz wrote:
> Furthermore, my understanding of copyright law is that you can't be
> tainted by 'reading' source code years ago and then writing a version
> independently. (In fact, the examples I've heard of are 'minutes
> apart' is legally acceptable.) Of course, patent infringement occurs
> whether you've read the code or not. FWIW, our compiler languages
> class here at UC Irvine teaches Java internals - therefore, they'd all
> be 'tainted' under this definition - which isn't actually the case.
I agree with Justin. BTW, the two sides of the coin are copyright
and trade secret law. Copyright does not apply to things that you
may have learned in the past. Trade secret and NDA text could apply,
but only if the code has never been revealed to the public. BigCo
cannot claim trade secrets on anything they have released under
a non-NDA source code license, published in a book, or posted to
their website. I doubt that there is anything in J2SE/EE that still
qualifies as a trade secret, since the JCP has revealed all of the
interfaces.
The CLA is sufficient for all of that. We just need to remind people
of their obligations under the CLA.
....Roy
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Request for Comment : Harmony Contribution Policy
Posted by "Geir Magnusson Jr." <ge...@apache.org>.
On Aug 1, 2005, at 1:22 PM, Justin Erenkrantz wrote:
> --On August 1, 2005 12:06:27 AM -0400 "Geir Magnusson Jr."
> <ge...@apache.org> wrote:
>
>
>> Comments? (Like I need to ask for them... )
>>
>
> I think Part II should be removed or rather be the opposite: which
> components are you forbidden to participate in due to the answers
> in the questionnaire. I don't like seeing the community get pigeon-
> holed like that: commit access should be 'blanket' unless there's a
> legal reason not to do so.
That is what Part II is - you can do anything except for the specific
pieces for which you declare.
I see why you were confused by it, so we'll clean up that language.
>
> Part IV should contain mention of the software grant to the ASF.
> We should have these on file for all large donations not developed
> under the 'confines' of the ASF.
Ah, yes. I thought I stated that clearly that standard ASF policy is
the base for this all - SG or CCLA+SG is required. Will fix to be
clear.
>
> Part VIII should probably mention "employed by a corporation".
> (Self-employed people wouldn't necessarily need to sign a CCLA.)
Sure. Good point.
>
> Furthermore, my understanding of copyright law is that you can't be
> tainted by 'reading' source code years ago and then writing a
> version independently.
I think it depends on the source. If there's a trade secret that you
learned in the process, you probably still have a problem, right?
> (In fact, the examples I've heard of are 'minutes apart' is
> legally acceptable.) Of course, patent infringement occurs whether
> you've read the code or not. FWIW, our compiler languages class
> here at UC Irvine teaches Java internals - therefore, they'd all be
> 'tainted' under this definition - which isn't actually the case.
Ok - this is a good example to help is iteratively clarify. How are
they tainted?
>
> The relevant questions should be whether you are currently covered
> by an NDA or other confidential agreements with Sun (err, BigCo).
> -- justin
It's more than just Sun - that's the problem. Sun licenses their
code to everyone, and therefore you could be under NDA with, oh, IBM,
because you worked on IBMs production J2SE platform which uses
licensed Sun code...
geir
--
Geir Magnusson Jr +1-203-665-6437
geirm@apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: Request for Comment : Harmony Contribution Policy
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
--On August 1, 2005 12:06:27 AM -0400 "Geir Magnusson Jr."
<ge...@apache.org> wrote:
> Comments? (Like I need to ask for them... )
I think Part II should be removed or rather be the opposite: which
components are you forbidden to participate in due to the answers in the
questionnaire. I don't like seeing the community get pigeon-holed like
that: commit access should be 'blanket' unless there's a legal reason not
to do so.
Part IV should contain mention of the software grant to the ASF. We should
have these on file for all large donations not developed under the
'confines' of the ASF.
Part VIII should probably mention "employed by a corporation".
(Self-employed people wouldn't necessarily need to sign a CCLA.)
Furthermore, my understanding of copyright law is that you can't be tainted
by 'reading' source code years ago and then writing a version
independently. (In fact, the examples I've heard of are 'minutes apart' is
legally acceptable.) Of course, patent infringement occurs whether you've
read the code or not. FWIW, our compiler languages class here at UC Irvine
teaches Java internals - therefore, they'd all be 'tainted' under this
definition - which isn't actually the case.
The relevant questions should be whether you are currently covered by an
NDA or other confidential agreements with Sun (err, BigCo). -- justin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org